Privacy and power

Canada’s Privacy Commissioner has released an excellent report, highlighting some of the disturbing trends that he sees as ongoing. Rather than paraphrase, I will quote one of the best sections extensively:

It is my duty, in this Annual Report, to present a solemn and urgent warning to every Member of Parliament and Senator, and indeed to every Canadian:

The fundamental human right of privacy in Canada is under assault as never before. Unless the Government of Canada is quickly dissuaded from its present course by Parliamentary action and public insistence, we are on a path that may well lead to the permanent loss not only of privacy rights that we take for granted but also of important elements of freedom as we now know it.

We face this risk because of the implications, both individual and cumulative, of a series of initiatives that the Government has mounted or is actively moving toward. These initiatives are set against the backdrop of September 11, and anti-terrorism is their purported rationale. But the aspects that present the greatest threat to privacy either have nothing at all to do with anti-terrorism, or they present no credible promise of effectively enhancing security.

The Government is, quite simply, using September 11 as an excuse for new collections and uses of personal information about all of us Canadians that cannot be justified by the requirements of anti-terrorism and that, indeed, have no place in a free and democratic society.

I applaud both the Commissioner’s comments and his willingness to take such a firm and public stance. As I’ve said dozens of times now: terrorists are dangerous, but governments fundamentally much more so. They can cloak themselves in secrecy and are imbued with a level of power that permits them to do enormous harm, whether by accident or by design. Compared with the excesses and abuses committed by governments – Western democratic governments included – terrorism is a minor problem.

As Congress debates new rules for government eavesdropping, a top intelligence official says it is time that people in the United States change their definition of privacy.

Privacy no longer can mean anonymity, says Donald Kerr, the principal deputy director of national intelligence. Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information.

[…]

“Our job now is to engage in a productive debate, which focuses on privacy as a component of appropriate levels of security and public safety,” Kerr said. “I think all of us have to really take stock of what we already are willing to give up, in terms of anonymity, but [also] what safeguards we want in place to be sure that giving that doesn’t empty our bank account or do something equally bad elsewhere.”

Anonymity, privacy, and security are intertwined; you can’t just separate them out like that. And privacy isn’t opposed to security; privacy is part of security. And the value of privacy in a free society is enormous.

The debate isn’t security versus privacy. It’s liberty versus control.
You can see it in comments by government officials: “Privacy no longer can mean anonymity,” says Donald Kerr, principal deputy director of national intelligence. “Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information.” Did you catch that? You’re expected to give up control of your privacy to others, who — presumably — get to decide how much of it you deserve. That’s what loss of liberty looks like.

It should be no surprise that people choose security over privacy: 51 to 29 percent in a recent poll. Even if you don’t subscribe to Maslow’s hierarchy of needs, it’s obvious that security is more important. Security is vital to survival, not just of people but of every living thing. Privacy is unique to humans, but it’s a social need. It’s vital to personal dignity, to family life, to society — to what makes us uniquely human — but not to survival.

If you set up the false dichotomy, of course people will choose security over privacy — especially if you scare them first. But it’s still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” It’s also true that those who would give up privacy for security are likely to end up with neither.

Welcome to the future, where everything about you is saved. A future where your actions are recorded, your movements are tracked, and your conversations are no longer ephemeral. A future brought to you not by some 1984-like dystopia, but by the natural tendencies of computers to produce data.

Data is the pollution of the information age. It’s a natural byproduct of every computer-mediated interaction. It stays around forever, unless it’s disposed of. It is valuable when reused, but it must be done carefully. Otherwise, its after effects are toxic.

And just as 100 years ago people ignored pollution in our rush to build the Industrial Age, today we’re ignoring data in our rush to build the Information Age.

Rebecca Jeshke from the Electronic Frontier Foundation sez, “Most Americans know very little about how the law protects them from searches, seizures, and surveillance. EFF launched Surveillance Self-Defense today — a practical, online how-to guide for protecting your private data against government spying. The guide includes tips on assessing the security risks to your personal computer files and communications, strategies for interacting with law enforcement, and articles on specific defensive technologies such as encryption that can help protect the privacy of your data.”

This week on the Canadian Broadcasting Corporation’s excellent Search Engine podcast, host Jesse Brown has posted part one of a fantastic interview with Ann Cavoukian about the risks associated with RFID-enabled identity cards and other personal objects and devices.

Jesse frames the issue as well as I’ve heard it ever framed: “They freak me out. Not because I think there’s some kind of sinister government conspiracy behind them, but because the idea of every dude walking around with a thirty foot cloud of data emanating from his pants is so tantalizing that it invites sinister conspiracies. It challenges criminals’ brains to come up with ways to defraud us. It woos law enforcement to blur or bend or rewrite the rules. That is how filled with FAIL arphid tags are.”

dkleinsc writes “The NY Times has a piece about work being done by Congressman Rush Holt (D-NJ) and others to curb NSA efforts to read email and Internet traffic. Here’s an excerpt: ‘Since April, when it was disclosed that the intercepts of some private communications of Americans went beyond legal limits in late 2008 and early 2009, several Congressional committees have been investigating. Those inquiries have led to concerns in Congress about the agency’s ability to collect and read domestic e-mail messages of Americans on a widespread basis, officials said. Supporting that conclusion is the account of a former NSA analyst who, in a series of interviews, described being trained in 2005 for a program in which the agency routinely examined large volumes of Americans’ e-mail messages without court warrants. Two intelligence officials confirmed that the program was still in operation.'”